I am developing a device that embeds a PC with Windows 2000 Pro as it's base operating system. Once installed this device may (or may not) be attached to a LAN. I have replaced the standard shell (explorer.exe) with my own dedicated application, however I permit the user certain functionality such as attaching the PC to a domain.
When this happens, and the user logs in, the domain supplies the login script to run, and can do vertually anything it wants to this PC.
So my question is, given the fact that I can setup my PCs with any configuration I need, is there a way to secure this PC so that the unknown domain cannot get access to the system, yet the PC will still be able to access resources (i.e. file servers) in the domain??
When this happens, and the user logs in, the domain supplies the login script to run, and can do vertually anything it wants to this PC.
So my question is, given the fact that I can setup my PCs with any configuration I need, is there a way to secure this PC so that the unknown domain cannot get access to the system, yet the PC will still be able to access resources (i.e. file servers) in the domain??